Yahoo Confirms Security Breach after User Credentials Surfaced on the Darknet

It’s now official, Yahoo was indeed hacked! The reports of possible security breach have been floating around since last month. The company has now officially announced that the platform suffered

The reports of a possible security breach have been floating around the internet for months now. A recent announcement by the company confirms these reports. According to Yahoo, the platform was hacked in late 2014, compromising over 500 million user accounts.

The hackers have reportedly stolen login credentials and personal information associated with these compromised accounts.  Yahoo believes that the hack was carrried out by a “state-sponsored actor”. Blaming the incident on a state-sponsored actor doesn’t come as a surprise as it has now become a standard response. Most of the recent hacking incidents, including the ones targetting DNC, WADA and now Yahoo are all attributed to state-sponsored actors, signifying the involvement of Russian Government.

yahoo hack

yahoo hack

The initial signs of a potential security breach surfaced on the darknet few months ago. A hacker, going by the name “Peace_of_mind” a.k.a “Peace” was offering over 200 million Yahoo user credentials on the darknet for a price of 3 BTC. Peace has been associated with previous security breaches affecting Myspace and LinkedIn. It is believed that Peace used to be a member of a Russian hacker team responsible for a string of attacks on various sites during 2012 and 2013.

Yahoo’s investigation started after the availablity of user data on the darknet was reported by one of the tech publication. During the course of investigation, the company has found that the platform was compromised way back in 2014. The security breach had gone unnoticed until now. Yahoo is currently working with the Federal Bureau of Investigation and other law enforcement agencies to find out more about the person(s) behind the hack.

It is advisable for users to change the login credentials of their Yahoo accounts and any other online service sharing the same password. Also, Yahoo has announced that all the emails sent by the company will include a purple “Y” icon and it will not ask the users to click on any link, download any attachment or request personal information.

These latest developments are expected to affect the pending acquisition of Yahoo by Verizon as it will be revaluating the cybersecurity standards of the platform before closing the deal.

Ref: Motherboard | Economic Times | Tech Radar | Image: CBR